author | kroy <kroy@kroy.io> | 2019-10-21 13:50:05 -0500 |
---|---|---|
committer | kroy <kroy@kroy.io> | 2019-10-21 13:50:05 -0500 |
commit | fb2cde7c0ad933ef98e462384caf104911d98fa0 (patch) | |
tree | 4131177835d510d8799f5463171e3abac25a59fc | |
parent | 6f73338f0a652ca9b68a5778456f63d098f04522 (diff) | |
T1756 More output for WG
-rw-r--r-- | op-mode-definitions/wireguard.xml | 2 | ||||
-rwxr-xr-x | src/op_mode/wireguard.py | 42 |
2 files changed, 42 insertions, 2 deletions
diff --git a/op-mode-definitions/wireguard.xml b/op-mode-definitions/wireguard.xml
index c5c4c9914..e52d0ad76 100644
--- a/op-mode-definitions/wireguard.xml
+++ b/op-mode-definitions/wireguard.xml
@@ -73,7 +73,7 @@
 <script>${vyos_completion_dir}/list_interfaces.py --type wireguard</script>
 </completionHelp>
 </properties>
- <command>sudo wg show "$4"</command>
+ <command>sudo ${vyos_op_scripts_dir}/wireguard.py "$4"</command>
 <children>
 <leafNode name="allowed-ips">
 <properties>
diff --git a/src/op_mode/wireguard.py b/src/op_mode/wireguard.py
index 4e93ec6aa..f6978554d 100755
--- a/src/op_mode/wireguard.py
+++ b/src/op_mode/wireguard.py
@@ -22,14 +22,16 @@ import sys
 import shutil
 import subprocess
 import syslog as sl
+import re
+import time
 from vyos import ConfigError
+from vyos.config import Config
 dir = r'/config/auth/wireguard'
 psk = dir + '/preshared.key'
-
 def check_kmod():
 """ check if kmod is loaded, if not load it """
 if not os.path.exists('/sys/module/wireguard'):
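Review bot: The new `<command>` passes the interface as a bare positional argument, `wireguard.py "$4"`, while the option this commit adds in src/op_mode/wireguard.py is `--showinterface`. Unless the parser defines a positional argument outside the visible hunks, argparse will reject the call and the show command stops working. The line should read `<command>sudo ${vyos_op_scripts_dir}/wireguard.py --showinterface "$4"</command>`. Keeping `"$4"` quoted is right, since the script runs under sudo with an operator-typed value.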
@@ -39,6 +41,40 @@ def check_kmod():
 raise ConfigError("modprobe wireguard failed")
+def showint(interface):
+ output = subprocess.check_output(["wg", "show", interface], universal_newlines=True)
+ c = Config()
+ c.set_level("interfaces wireguard {}".format(interface))
+ description = c.return_effective_value("description".format(interface))
+ """ if the interface has a description, modify the output to include it """
+ if (description):
+ output = re.sub(r"interface: {}".format(re.escape(interface)),"interface: {}\n Description: {}".format(interface,description),output)
+
+ """ pull the last handshake times. Assume if the handshake was greater than 5 minutes, the tunnel is down """
+ peer_timeouts = {}
+ last_hs_output = subprocess.check_output(["wg", "show", interface, "latest-handshakes"], universal_newlines=True)
+ for match in re.findall(r'(\S+)\s+(\d+)',last_hs_output):
+ peer_timeouts[match[0]] = match[1]
+
+ """ modify all the peers, reformat to provide VyOS config provided peername, whether the tunnel is up/down """
+ for peer in c.list_effective_nodes(' peer'):
+ pubkey = c.return_effective_value("peer {} pubkey".format(peer))
+ status = ""
+ if int(peer_timeouts[pubkey]) > 0:
+ #Five minutes and the tunnel is still up
+ if (time.time() - int(peer_timeouts[pubkey]) < (60*5)):
+ status = "UP"
+ else:
+ status = "DOWN"
+ elif (peer_timeouts[pubkey] is None):
+ status = "DOWN"
+ elif (int(peer_timeouts[pubkey]) == 0):
+ status = "DOWN"
+
+ output = re.sub(r"peer: {}".format(re.escape(pubkey)),"peer: {}\n Status: {}\n public key: {}".format(peer,status,pubkey),output)
+
+ print(output)
+
 def generate_keypair(pk, pub):
 """ generates a keypair which is stored in /config/auth/wireguard """
 old_umask = os.umask(0o027)
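Review bot: In the peer loop of `showint`, `peer_timeouts[pubkey]` is indexed before any presence check. A peer that is configured but missing from the `latest-handshakes` output, or that has no `pubkey` value, raises KeyError, and the `is None` branch can never run because `int()` has already been applied. Look the timestamp up once with `.get()` and treat a missing or zero value as DOWN. Both `re.sub` calls also pass the config-supplied description and peer name as the replacement template, where a backslash is parsed as an escape or group reference; `str.replace` avoids that, since the patterns are literal anyway. The bare string literals inside the body should be `#` comments, and `"description".format(interface)` has no placeholder to fill.

```python
def showint(interface):
    # … unchanged: wg show call, Config lookup of the description …
    if description:
        output = output.replace(
            "interface: {}".format(interface),
            "interface: {}\n Description: {}".format(interface, description))

    # … unchanged: latest-handshakes parsing into peer_timeouts …
    now = time.time()
    for peer in c.list_effective_nodes(' peer'):
        pubkey = c.return_effective_value("peer {} pubkey".format(peer))
        if pubkey is None:
            continue
        last_hs = int(peer_timeouts.get(pubkey, 0))
        # no handshake recorded, or older than five minutes: report DOWN
        status = "UP" if last_hs > 0 and now - last_hs < 60 * 5 else "DOWN"
        output = output.replace(
            "peer: {}".format(pubkey),
            "peer: {}\n Status: {}\n public key: {}".format(peer, status, pubkey))
    # … unchanged: print(output) …
```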
@@ -124,6 +160,8 @@ if __name__ == '__main__':
 '--listkdir', action="store_true", help='lists named keydirectories')
 parser.add_argument(
 '--delkdir', action="store_true", help='removes named keydirectories')
+ parser.add_argument(
+ '--showinterface', action="store", help='shows interface details')
 args = parser.parse_args()
 try:
@@ -146,6 +184,8 @@ if __name__ == '__main__':
 genpsk()
 if args.listkdir:
 list_key_dirs()
+ if args.showinterface:
+ showint(args.showinterface)
 if args.delkdir:
 if args.location:
 del_key_dir(args.location) |